Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-770

CWE-770

High likelihood

Allocation of Resources Without Limits or Throttling

Parent: CWE-400 - Uncontrolled Resource Consumption

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

1,858 vulnerabilities with CWE-770

CVE-2026-34827 HIGH

Rack: Algorithmic-Complexity DoS in Rack::Multipart::Parser

CVE-2026-34593 HIGH

Ash Framework: Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

CVE-2026-34829 HIGH

Rack: Denial of Service via Unbounded Multipart File Upload Without Content-Length

CVE-2026-34826 MEDIUM

Rack: Unbounded Range Count in get_byte_ranges Enables DoS

CVE-2026-31935 HIGH

Suricata http2: unbounded resource consumption

CVE-2026-32145 HIGH

Multipart form body parser bypasses body size limits in wisp

CVE-2026-5316 MEDIUM

Nothings stb stb_vorbis.c setup_free allocation of resources

CVE-2026-34517 MEDIUM

AIOHTTP: Late size enforcement for non-file multipart fields causes memory DoS

CVE-2026-34516 HIGH

AIOHTTP: Multipart Header Size Bypass

CVE-2026-34513 HIGH

AIOHTTP: Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector

CVE-2026-22815 HIGH

AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers

CVE-2026-34165 MEDIUM

go-git: Maliciously crafted idx file can cause asymmetric memory consumption

CVE-2026-21710 HIGH

Node.js 20.x 22.x 24.x 25.x - Denial of Service via __proto__ Header Handling

CVE-2026-32980 HIGH

OpenClaw < 2026.3.13 - Resource Exhaustion via Unauthenticated Telegram Webhook Request

CVE-2026-33871 HIGH

Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

CVE-2026-26061 HIGH

Fleet's unbounded request body read allows remote Denial of Service

CVE-2026-33743 MEDIUM

Incus vulnerable to denial of source through crafted bucket backup file

CVE-2026-33658 MEDIUM

Rails Active Storage Proxy Mode - Multi-Range Denial of Service

CVE-2026-33621 MEDIUM

PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

CVE-2026-33541 MEDIUM

TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service

CVE-2026-33438 MEDIUM

Stirling-PDF vulnerable to DoS via add-watermark

CVE-2026-4897 MEDIUM

Polkit: polkit: denial of service via unbounded input processing through standard input

CVE-2026-27663 MEDIUM

Siemens CPCI85 and RTUM85 < V26.10 - Denial of Service via Remote Operation Mode

CVE-2026-33219 MEDIUM

NATS is vulnerable to pre-auth DoS through WebSockets client service

CVE-2026-33332 HIGH

NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion

Previous Page 9 of 75 Next

Details

Vulnerabilities 1,858

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy